An Enterprise, such as, a business organization, can store data in Enterprise data centers. The data centers can include firewalls that control the incoming and outgoing network traffic by analyzing the data packets and determining whether the data should be allowed through or not. The Enterprise data center can include an intrusion system (e.g., intrusion detection system (IDS), intrusion prevention system (IPS)) behind the firewall to monitor network and/or system activities for malicious activities. For example, a data center may be infected with malicious software, also known as “malware” (e.g., computer viruses, worms, Trojan horses, spyware, etc.). The intrusion systems generally have a large collection of signatures to apply to the incoming network payloads to detect and block threats against server workloads in the data center. Traditional intrusion systems apply every signature in the collection to every network payload, which can cause resource bottlenecks and can negatively affect network throughput.